[alpine-user] liblxc segfaults when trying to start unprivileged container

From: Daniel Kulesz <daniel.ina1_at_googlemail.com>
Date: Mon, 4 Mar 2019 23:56:59 +0100

Hi folks,

I tried setting up lxc in unprivileged mode on Alpine 3.9.2 (amd64), but every time I try to start any newly created container liblxc just segfaults like this (taken from dmesg):

[ 41.711333] 3[2590]: segfault at 0 ip 00007f20c35d9812 sp 00007ffd82b61740 error 4 in liblxc.so.1.5.0[7f20c35c4000+71000]
[ 41.711346] Code: c7 44 24 08 00 00 00 00 48 89 c3 4a 8d 04 20 48 89 04 24 c6 00 00 45 31 ed 48 8b 45 30 44 89 6c 24 0c 4e 8d 34 ed 00 00 00 00 <4e> 8b 24 e8 4d 85 e4 0f 84 84 01 00 00 48 89 de 4c 89 e7 e8 d8 f3

I've set up cgroups and uid/gid mappings using shadow-uidmap and I don't have any networking configured yet.

Here is the user's lxc configuration file:

localhost:~$ cat .config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

And here's the output of lxc-checkconfig:

localhost:~$ lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points:
/sys/fs/cgroup/openrc
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/cpu
/sys/fs/cgroup/cpuacct
/sys/fs/cgroup/blkio
/sys/fs/cgroup/memory
/sys/fs/cgroup/devices
/sys/fs/cgroup/freezer
/sys/fs/cgroup/net_cls
/sys/fs/cgroup/net_prio
/sys/fs/cgroup/pids

Cgroup v2 mount points:
/sys/fs/cgroup/unified

Cgroup v1 systemd controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, not loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig


Privileged containers work just fine.

Any ideas?

Cheers, Daniel


Received on Mon Mar 04 2019 - 23:56:59 UTC